Re: dealing with bogon spam ?

[Jeroen Massar <jeroen () unfix org>]

Leslie wrote:
[..]
> It seems to me like the best solution might be a semi-hacky solution of
> asking arin (and other IRR's) if i can copy its DB and creating an
> internal peer which null routes unallocated blocks (updated nightly?)

What you want to take is:

$rirs = array(
                "afrinic"       =>
"ftp://ftp.ripe.net/pub/stats/afrinic/delegated-afrinic-latest";,
                "apnic"         =>
"ftp://ftp.ripe.net/pub/stats/apnic/delegated-apnic-latest";,
                "arin"          =>
"ftp://ftp.arin.net/pub/stats/arin/delegated-arin-latest";,
                "lacnic"        =>
"ftp://ftp.ripe.net/pub/stats/lacnic/delegated-lacnic-latest";,
                "ripe"          =>
"ftp://ftp.ripe.net/pub/stats/ripencc/delegated-ripencc-latest";,
                "brnic"         =>
"ftp://ftp.registro.br/pub/stats/delegated-ipv6-nicbr-latest";,

//// Avoid broken/slow servers:
////            "afrinic"       =>
"ftp://ftp.afrinic.net/pub/stats/afrinic/delegated-afrinic-latest";,
////            "apnic"         =>
"ftp://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest";,
////            "lacnic"        =>
"ftp://ftp.lacnic.net/pub/stats/lacnic/delegated-lacnic-latest";,
);


Yes, generally the latter three are broken, but as they are mirrored to
RIPE anyway, you can just pull them off there.

Then you have all IPv4 and IPv6 delegated blocks. If it is not in there,
it is a bogon. Yes, those are updated only once in a day or so, thus if
some one is going to start using the block before it is published in
those files you will get some false-positives, but then ask the question
why they get a block up so quickly and start spamming you in the first
place.....

Those /stats/ dirs contain other useful things btw.

Greets,
 Jeroen

Attachment: signature.asc
Description: OpenPGP digital signature